Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CORE-2009-003 - Local file inclusion on Windows

By Drupal Security Team on 25 Feb 2009 at 18:16 UTC

Advisory ID: DRUPAL-SA-CORE-2009-003
Project: Drupal core
Versions: 6.x
Date: 2009-February-25
Security risk: Highly Critical
Exploitable from: Remote
Vulnerability: Local file inclusion on Windows

SA-CONTRIB-2009-007 - Advertisement Cross-site scripting

By greggles on 11 Feb 2009 at 20:46 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-007
Project: Advertisement module (third-party module)
Versions: 5.x, 6.x
Date: 2009 February 11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross-site scripting (XSS)

SA-CONTRIB-2009-006 - Troll - Cross site request forgeries

By Drupal Security Team on 11 Feb 2009 at 18:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-006
Project: Troll (third-party module)
Version: 5.x
Date: 2009 February 11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross-site request forgeries (CSRF)

Drupal core - Administer content types permission - PSA-2009-001

Date:

2009-February-11

Project: Drupal core
Versions: 5.x and 6.x
Security risk: None

Description

This is a public service announcement regarding the "administer content types" permission. The rise of the Content Construction Kit (CCK) and a legion of powerful CCK field modules have considerably extended the abilities of a user with this permission, with much of a site's behaviour now being configurable via the content types administration pages.

SA-CONTRIB-2009-005 - Views bulk operations - Cross site scripting

By Drupal Security Team on 4 Feb 2009 at 18:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-005
Project: Views bulk operations (third-party module)
Version: 5.x, 6.x
Date: 2009 February 04
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross-site scripting (XSS)

SA-CONTRIB-2009-004 - Notify - Privilege escalation

By heine on 15 Jan 2009 at 08:37 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-004
Project: Notify
Versions: 5.x
Date: 2009-January-15
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Privilege escalation

SA-CORE-2009-001 Drupal core - Multiple vulnerabilities

By gábor hojtsy on 15 Jan 2009 at 00:00 UTC

Advisory ID: DRUPAL-SA-CORE-2009-001
Project: Drupal core
Versions: 5.x and 6.x
Date: 2009-January-14
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2009-003 - Internationalizaion (i18n) Translation module - Access bypass

By pwolanin on 14 Jan 2009 at 22:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-003
Project: Internationalization (i18n) (third-party module)
Version: 5.x-2.x
Date: 2009-January-14
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2009-002 - Project issue tracking - Multiple vulnerabilities

By dww on 7 Jan 2009 at 19:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-002
Project: Project issue tracking (third-party module)
Version: 5.x-2.x
Date: 2009-January-07
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Node access bypass, Cross-site scripting (XSS)

SA-CONTRIB-2009-001 - Project release - Multiple vulnerabilities

By dww on 7 Jan 2009 at 19:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-001
Project: Project release (third-party module)
Version: 5.x
Date: 2009-January-07
Security risk: Highly critical
Exploitable from: Remote
Vulnerabilities: Arbitrary file upload, Cross-site scripting (XSS)

Pages

Subscribe with RSS